IIS Username & Pass. Authentication Type?

Toggle sidebar Toggle sidebar
E

eldiablopotato

Junior Member
Oct 28, 2009
24
0
66
Long story short I'm needing to add somekind of a username & password prompt to a Windows 2008 IIS7 server. To be honest IIS isn't my cup of tea, especially when it comes to picking the authentication type. There are so many choices: basic authentication, digest authentication, windows authentication, form authentication, and so on. If anyone can provide any guidance on which on to use, please post. :)

FYI, the server is alone.. meaning it has doesn't have access to active directory or a database.
 
RebateMonger

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
This article discusses each type of IIS authentication and gives pros/cons for each:

http://msdn.microsoft.com/en-us/library/aa292114(VS.71).aspx

Forms-based authentication is done when you have your own user account database and want to use it instead of any built-in Windows methods. If you have 1 million users and don't want 1 million Windows user accounts and don't want to hand out user certificates to 1 million people, then you'll probably do some sort of forms-based authentication.

If you use forms-based and don't want your authentications in clear text, you should use encryption of some sort (usually SSL).
 
E

eldiablopotato

Junior Member
Oct 28, 2009
24
0
66
RebateMonger said:
This article discusses each type of IIS authentication and gives pros/cons for each:

http://msdn.microsoft.com/en-us/library/aa292114(VS.71).aspx

Forms-based authentication is done when you have your own user account database and want to use it instead of any built-in Windows methods. If you have 1 million users and don't want 1 million Windows user accounts and don't want to hand out user certificates to 1 million people, then you'll probably do some sort of forms-based authentication.

If you use forms-based and don't want your authentications in clear text, you should use encryption of some sort (usually SSL).
Click to expand...

Thanks for the link, I forgot to mention that the IIS server is currently using SSL. There will only be at max 5 users accounts, so Basic auth with SSL might be the best way to go.. yes?

Originally I was thinking Windows auth, but since I don't have a kerberos server for it to talk to.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom